<?php

/*

COMP 353F
Dr. B Desai
Final Project
Group #11

6330746 Nicholas CONSTANTINIDIS
9532862 Jacqueline FU
5484537 Claudio Javier LOPEZ FLORES
9218416 Que Tung NGUYEN

*/

require "Connect.php";

	/**
	 * Fetch every category for the navigation menu.
	 *
	 * Runs a fixed "SELECT cid, cName FROM Category" statement through a fresh
	 * Connect instance; no request data is part of the SQL text.
	 *
	 * @return array|null Rows as produced by Connect::to_array() (the menu code
	 *                    reads the 'cid' and 'cName' keys of each row), or null
	 *                    when the query fails or matches no rows.
	 */
	function getCategoriesForMenu() {
		$connection = new Connect();
		$categories = $connection->query("SELECT cid, cName FROM Category");

		// Only a successful, non-empty result set is converted to an array.
		if ($categories && mysql_num_rows($categories) != 0) {
			return $connection->to_array($categories);
		}

		// Bare return: callers test the outcome with isset().
		return;
	}
	
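	/**
	 * Count the unread notices addressed to the logged-in member.
	 *
	 * The member id is read from $_SESSION['mid'] and validated as an integer
	 * before it is appended to the SQL text, so a missing or malformed session
	 * value can neither break the statement nor change its meaning.
	 *
	 * @return int|string 0 when the session holds no usable member id, the
	 *                    query fails or returns no rows; otherwise the
	 *                    "Notices" column of the first row.
	 */
	function getUnreadNotifications() {
		// FILTER_VALIDATE_INT yields false for anything that is not a plain integer.
		$memberId = isset($_SESSION['mid'])
			? filter_var($_SESSION['mid'], FILTER_VALIDATE_INT)
			: false;

		if ($memberId === false)
		{
			// No identifiable member: nothing to count, and no query is issued.
			return 0;
		}

		$db = new Connect();

		$sql = "SELECT COUNT(*) AS Notices FROM Notice WHERE isRead = 0 AND mID = " . $memberId;

		$result = $db->query($sql);

		if(!$result || mysql_num_rows($result) == 0)
		{
			return 0;
		}
		else
		{
			$rows = $db->to_array($result);
			return $rows[0]['Notices'];
		}
	}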

  /**
   * Report whether the current session belongs to a logged-in member.
   *
   * @return bool true only when $_SESSION["login"] exists and is not loosely
   *              equal to false; false for guests.
   */
  function isLoggedIn() {
    $hasLoginFlag = array_key_exists("login", $_SESSION);

    // A missing flag and a falsy flag both mean "guest".
    return $hasLoginFlag && $_SESSION["login"] != false;
  }

    // Check whether the current user is an administrator
  /**
   * Administrator check for the current session.
   *
   * Both the "login" and the "admin" session flags must be present and not
   * loosely equal to false, so a stale "admin" value is ignored once the
   * login flag has been cleared.
   *
   * @return bool true for a logged-in administrator, false otherwise.
   */
  function isAdmin() {
    foreach (array("login", "admin") as $flag) {
      if (!array_key_exists($flag, $_SESSION) || $_SESSION[$flag] == false)
        return false;
    }

    return true;
  }
  
  /**
   * Member id of the logged-in user.
   *
   * @return mixed The value stored in $_SESSION['mid'] when the session is
   *               logged in and carries that key; -1 otherwise.
   */
  function getMemberID() {
    $loggedIn = array_key_exists("login", $_SESSION) && $_SESSION["login"] != false;

    if ($loggedIn && array_key_exists("mid", $_SESSION))
      return $_SESSION['mid'];

    // Guests, and sessions without an id, share the -1 sentinel.
    return -1;
  }

  /**
   * Tell whether this request was a login attempt that did not succeed.
   *
   * @return bool true when the login form was posted ($_POST["login"] is set)
   *              and isLoggedIn() still reports a guest; false otherwise.
   */
  function loginFailed() {
    return !isLoggedIn() && isset($_POST["login"]);
  }

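  /**
   * Authenticate the credentials posted by the login form.
   *
   * Looks up a non-suspended member whose Guest e-mail and password match the
   * posted "username" and "password" fields. On success the session receives
   * login=true, name (first word of mName), mid and admin, and administrators
   * are sent to admin.php through a meta refresh. On any failure the session
   * flag login is set to false.
   *
   * Both fields are escaped before they are placed in the SQL text. The
   * previous version concatenated the raw POST values into the statement,
   * which let form input change the query (SQL injection).
   *
   * @return void
   */
  function login() {
    // Missing or array-valued fields can never match an account: fail closed
    // before a database connection is opened.
    if (!isset($_POST['username'], $_POST['password'])
        || !is_string($_POST['username'])
        || !is_string($_POST['password'])) {
      $_SESSION["login"] = false;
      return;
    }

    $db = new Connect();

    // The result of $db->query() is handed to mysql_num_rows() below, so
    // Connect works on ext/mysql; mysql_real_escape_string() is the matching
    // escaper for that API.
    // NOTE(review): assumes Connect has opened the ext/mysql link by the time
    // its constructor returns (the escaper uses the last opened link) - confirm.
    // NOTE(review): longer term, move this query to prepared statements
    // (mysqli or PDO); ext/mysql has been removed from current PHP.
    $user = mysql_real_escape_string($_POST['username']);
    $pass = mysql_real_escape_string($_POST['password']);

    // The escaper returns false when it has no usable connection.
    if ($user === false || $pass === false) {
      $_SESSION["login"] = false;
      return;
    }

    // NOTE(review): the statement compares the submitted password directly
    // with Guest.password, which suggests passwords are stored unhashed -
    // confirm, and migrate to password_hash()/password_verify().
    $sql = "select MemberInfo.* from Guest " .
           "inner join MemberInfo ON MemberInfo.email = Guest.email " .
           "where MemberInfo.suspended = 0 AND Guest.email='" . $user . "' and Guest.password='" . $pass . "'";

    $result = $db->query($sql);

    if (!$result || mysql_num_rows($result) == 0) {
      $_SESSION["login"] = false;
      return;
    }

    // NOTE(review): consider session_regenerate_id(true) at this point so a
    // session id issued before authentication is not kept afterwards; it needs
    // to run before any output has been sent.
    $_SESSION["login"] = true;

    $rows = $db->to_array($result);
    $name = explode(' ', $rows[0]['mName']);
    $_SESSION["name"] = $name[0];
    $_SESSION["mid"] = $rows[0]['mID'];
    $_SESSION["admin"] = $rows[0]['admin'];

    // If admin, redirect to the admin page once logged in
    if (isAdmin())
      print "<meta HTTP-EQUIV=\"REFRESH\" content=\"0; url=admin.php\">";
  }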

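  /**
   * Log the current user out and send the browser to the home page.
   *
   * Clears the login flag and also removes the identity values that login()
   * stored (name, mid, admin), so no member id or admin flag remains in the
   * session for code that reads those keys without checking the login flag.
   * Other session data is left untouched.
   *
   * @return void
   */
  function logout() {
    $_SESSION["login"] = false;

    // Drop the per-member identity; unset() is a no-op for keys that are absent.
    unset($_SESSION["name"], $_SESSION["mid"], $_SESSION["admin"]);

    // Redirect to home page
    print "<meta HTTP-EQUIV=\"REFRESH\" content=\"0; url=index.php\">";
  }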

  // Dispatch the posted form action. "login" and "logout" are the names of the
  // submit buttons of the two header forms rendered further down this file.
  // NOTE(review): neither action verifies an anti-CSRF token, so a cross-site
  // POST can trigger it; consider a per-session token checked here.
  if (isset($_POST["login"])) {
    login();
  }

  if (isset($_POST["logout"])) {
    logout();
  }
?>

<div id="top">
  <div id="logo">
    <h1><a href="index.php">
      <span class="logoWhite">Co</span><span class="logoRed">B</span><span class="logoGreen">A</span><span class="logoBlue">G</span><span class="logoWhite">Sys</span>
    </a></h1>
  </div>
  <div id="login">
<?php
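  // Header login area: guests get the login form (plus a failure message after
  // a rejected attempt), members get a greeting and a logout button.
  // NOTE(review): neither form carries an anti-CSRF token.
  if (!isLoggedIn()) {
    print "
    <form action=\"\" method=\"post\" id=\"loginForm\">
      <fieldset>
        <table border=\"0\" cellpadding=\"0\">
          <tr>
            <th>Username</th>
            <th>Password</th>
          </tr>
          <tr>
            <td><input type=\"text\" size=\"10\" id=\"username\" name=\"username\" value=\"\"/></td>
            <td><input type=\"password\" size=\"10\" id=\"password\" name=\"password\" value=\"\"/></td>
            <td><input type=\"submit\" class=\"smallButton\" name=\"login\" value=\"Login\" id=\"loginbutton\"/></td>
          </tr>
          <tr>
            <td>" . (loginFailed() ? "<span class=\"error\">LOGIN FAILED</span>" : "") . "</td>
            <td colspan=\"2\"><a href=\"passreset.php\">Forgot password?</a></td>
          </tr>
        </table>
      </fieldset>
    </form>
    ";
  }
  else {
    // The display name is the first word of the member's mName column (set in
    // login()), i.e. member-supplied text: HTML-encode it so markup in a name
    // is shown as text instead of being interpreted by the browser.
    // NOTE(review): assumes pages are served as UTF-8 - confirm.
    print "
    <form action=\"\" method=\"post\" id=\"logoutForm\">
      <fieldset>
        <table border=\"0\" cellpadding=\"0\">
          <col width=\"200px\">
          <tr><td><p></p></td></tr>
          <tr><td><p></p></td></tr>
          <tr>
            <td class=\"legal\">Welcome, " . htmlspecialchars($_SESSION['name'], ENT_QUOTES, 'UTF-8') . "!</td>
            <td><input type=\"submit\" class=\"smallButton\" name=\"logout\" value=\"Logout\" id=\"logoutbutton\"/></td>
          </tr>
        </table>
      </fieldset>
    </form>
    ";
  }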
?>
  </div>
</div>
<div id="leftnav">
  <ul class="top-level">
<?php
	// Left-hand menu entries that only members see; administrators get the
	// three admin pages listed first.
	// NOTE(review): this only hides the links. The admin*.php pages are not
	// visible here and must enforce isAdmin() themselves - verify.
	if (isLoggedIn()) {
		if (isAdmin()) {
			echo "<li><a href=\"adminmembers.php\">Edit Members</a></li>";
			echo "<li><a href=\"admincategories.php\">Edit Categories</a></li>";
			echo "<li><a href=\"adminreports.php\">View Reports</a></li>";
		}

		echo "<li><a href=\"members.php\">View Members</a></li>";
		echo "<li><a href=\"newpost.php\">New Posting</a></li>";
		echo "<li><a href=\"changepass.php\">Change password</a></li>";
	}
?>
    <li><a href="garagesale.php">Garage Sale</a></li>
    <li><a href="#">Categories</a>
      <ul class="list-cat">
<?php
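	// Category sub-menu: one link per Category row, or a placeholder entry when
	// getCategoriesForMenu() returns nothing.
	$rows = getCategoriesForMenu();

	if (isset($rows))
	{
		$rowcount = count($rows);
		for ($i = 0; $i < $rowcount; $i++)
		{
			// Category values come from the database and are editable through
			// the admin pages, so encode each one for the context it lands in:
			// the id as a URL parameter, the name as HTML text.
			// NOTE(review): assumes pages are served as UTF-8 - confirm.
			$cidParam = urlencode($rows[$i]['cid']);
			$cNameHtml = htmlspecialchars($rows[$i]['cName'], ENT_QUOTES, 'UTF-8');

			print "<li><a href=\"postings.php?cid=" . $cidParam . "\">" . $cNameHtml . "</a></li>";
		}
	}
	else
	{
		print "<li>No categories</li>";
	}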
?>
      </ul>
    </li>
  </ul>
  <form action="postings.php" method="get" id="searchForm">
    <fieldset>
      <table border="0">
        <tr><td><input type="text" size="13" id="search" name="search" value=""/></td>
        </tr>
        <tr><td><input type="submit" class="smallButton" value="Search" id="searchbutton"/></td>
        </tr>
        <tr><td><a href="search.php">Advanced search</a></td>
        </tr>
      </table>
    </fieldset>
  </form>
</div>
<div id="topnav">
  <ul id="navlist">
    <li><a href="register.php">Register</a></li>
<?php
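	// Member-only entries of the top navigation bar.
	if (isLoggedIn())
	{
		print "<li><a href=\"myprofile.php\">My Profile</a></li>";

		// Force the count to an integer before it is compared and printed.
		$notifications = (int) getUnreadNotifications();

		if ($notifications == 0)
			print "<li><a href=\"inbox.php\">Inbox</a></li>";
		else
			print "<li><a class=\"unread\" href=\"inbox.php\">Inbox (" . $notifications . ")</a></li>";

		// Encode the session's member id for use inside the two href attributes.
		// NOTE(review): these links put the member id in the query string;
		// postings.php and setting.php are not visible here and should decide
		// whose data may be shown or changed from the session, not from this
		// parameter alone - verify.
		$midParam = urlencode($_SESSION['mid']);

		print "<li><a href=\"postings.php?mid=" . $midParam . "\">My Postings</a></li>";
		print "<li><a href=\"setting.php?mid=" . $midParam . "\">Setting</a></li>";
	}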
?>
    <li><a href="about.php">About</a></li>
    <li><a href="faq.php">FAQ/Help</a></li>
  </ul>
  <p></p>
</div>